From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: zhaoyang <huangzhaoyang@gmail.com>,
Zhaoyang Huang <zhaoyang.huang@unisoc.com>,
Russell King <rmk+kernel@armlinux.org.uk>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.9 21/27] ARM: 8901/1: add a criteria for pfn_valid of arm
Date: Wed, 4 Sep 2019 12:02:14 -0400 [thread overview]
Message-ID: <20190904160220.4545-21-sashal@kernel.org> (raw)
In-Reply-To: <20190904160220.4545-1-sashal@kernel.org>
From: zhaoyang <huangzhaoyang@gmail.com>
[ Upstream commit 5b3efa4f1479c91cb8361acef55f9c6662feba57 ]
pfn_valid can be wrong when parsing a invalid pfn whose phys address
exceeds BITS_PER_LONG as the MSB will be trimed when shifted.
The issue originally arise from bellowing call stack, which corresponding to
an access of the /proc/kpageflags from userspace with a invalid pfn parameter
and leads to kernel panic.
[46886.723249] c7 [<c031ff98>] (stable_page_flags) from [<c03203f8>]
[46886.723264] c7 [<c0320368>] (kpageflags_read) from [<c0312030>]
[46886.723280] c7 [<c0311fb0>] (proc_reg_read) from [<c02a6e6c>]
[46886.723290] c7 [<c02a6e24>] (__vfs_read) from [<c02a7018>]
[46886.723301] c7 [<c02a6f74>] (vfs_read) from [<c02a778c>]
[46886.723315] c7 [<c02a770c>] (SyS_pread64) from [<c0108620>]
(ret_fast_syscall+0x0/0x28)
Signed-off-by: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/init.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
index 4fb1474141a61..0fe4a7025e467 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -192,6 +192,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max_low,
#ifdef CONFIG_HAVE_ARCH_PFN_VALID
int pfn_valid(unsigned long pfn)
{
+ phys_addr_t addr = __pfn_to_phys(pfn);
+
+ if (__phys_to_pfn(addr) != pfn)
+ return 0;
+
return memblock_is_map_memory(__pfn_to_phys(pfn));
}
EXPORT_SYMBOL(pfn_valid);
--
2.20.1
next prev parent reply other threads:[~2019-09-04 16:05 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-04 16:01 [PATCH AUTOSEL 4.9 01/27] ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss Sasha Levin
2019-09-04 16:01 ` [PATCH AUTOSEL 4.9 02/27] s390/bpf: fix lcgr instruction encoding Sasha Levin
2019-09-04 16:01 ` [PATCH AUTOSEL 4.9 03/27] ARM: OMAP2+: Fix omap4 errata warning on other SoCs Sasha Levin
2019-09-04 16:01 ` [PATCH AUTOSEL 4.9 04/27] s390/bpf: use 32-bit index for tail calls Sasha Levin
2019-09-04 16:01 ` [PATCH AUTOSEL 4.9 05/27] batman-adv: fix uninit-value in batadv_netlink_get_ifindex() Sasha Levin
2019-09-04 16:01 ` [PATCH AUTOSEL 4.9 06/27] NFSv4: Fix return values for nfs4_file_open() Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 07/27] NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 08/27] Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105 Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 09/27] qed: Add cleanup in qed_slowpath_start() Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 10/27] ARM: 8874/1: mm: only adjust sections of valid mm structures Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 11/27] batman-adv: Only read OGM tvlv_len after buffer len check Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 12/27] batman-adv: Only read OGM2 " Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 13/27] r8152: Set memory to all 0xFFs on failed reg reads Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 14/27] x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 15/27] netfilter: nf_conntrack_ftp: Fix debug output Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 16/27] NFSv2: Fix eof handling Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 17/27] NFSv2: Fix write regression Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 18/27] cifs: set domainName when a domain-key is used in multiuser Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 19/27] cifs: Use kzfree() to zero out the password Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 20/27] x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning Sasha Levin
2019-09-04 16:02 ` Sasha Levin [this message]
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 22/27] sky2: Disable MSI on yet another ASUS boards (P6Xxxx) Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 23/27] perf/x86/intel: Restrict period on Nehalem Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 24/27] perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 25/27] net: stmmac: dwmac-rk: Don't fail if phy regulator is absent Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 26/27] tools/power turbostat: fix buffer overrun Sasha Levin
2019-09-04 16:02 ` [PATCH AUTOSEL 4.9 27/27] net: seeq: Fix the function used to release some memory in an error handling path Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190904160220.4545-21-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=huangzhaoyang@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=stable@vger.kernel.org \
--cc=zhaoyang.huang@unisoc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.